Application Security Engineer
Acronis is a world leader in cyber protection—empowering people by providing them with cutting-edge technology that enables them to monitor, control, and protect the data that their businesses and lives depend on. We are in an exciting phase of rapid growth and expansion and are looking for someone who is ready to join us in creating a #CyberFit future and protecting the digital world!
People entrust Acronis with their data. We are responsible for keeping it safe, and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with the good guys on their responsible disclosures. You will find security bugs before the bad guys do. Together with the development team, you'll change development processes and practices to ensure that such bugs never appear in our code again. You will monitor attacks and respond to them. You will create novel solutions to detect attacks and advanced approaches to protect applications.
Every member of our “A-Team” has an instrumental role and impact on the success of Acronis’ innovative and growing business, so we are looking for someone who enjoys working in dynamic, global teams and thrives in a fast-paced and rapidly changing work environment. Just like everyone at Acronis, the ideal candidate will embody all of our company values: responsive, alert, detail-oriented, makes decisions, and never gives up.
WHAT YOU'LL DO
- Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
- Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
- Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
- Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
- Conduct security assessments for software components developed in the company
- Validate external security reports and bug bounty submissions
- Take part in the SDLC process development and implementation
- Conduct post-mortem reviews of application security bugs
- Consult engineers on application security matters, train them on secure development practices
- Your typical day will look like:
  - A call or two with the Development and Product Management teams to discuss security-related issues
  - Review of new tickets @ http://hackerone.com/acronis.
  - Penetration test of new features
  - Work with the Infrastructure Security and Security Compliance teams on projects like security hardening of existed
  - Helping other security teams with expertise, knowledge, and advice
WHAT YOU BRING (EXPERIENCE & QUALIFICATIONS)
- 2+ years of experience in Application Security
- Strong knowledge of modern web/mobile/network security
- Understanding of security models of Web/REST API, cloud, mobile and desktop apps
- Hands-on experience with security assessment tools and attack techniques. You should be able to go well beyond inserting a quote in URLs
- Published security research, open source tools, blog posts, or a proven history of participation in bug bounty programs is considered a strong advantage
- Readiness to answer the following questions in an interview:
  - What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
  - Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest the right fixes and possible bypasses
  - (Windows Security) Your opinion about LPE from Admin to the System user
  - How to count possibly compromised accounts?
  - Write a simple exploit or a few lines of code that check some kind of attack vector
- We would also like to know what your favourite security field is and where you want to know more
- At least Upper-intermediate level of English
WHO WE ARE:
Acronis is revolutionizing cyber protection by unifying backup, disaster recovery, storage, next-generation anti-malware, and protection management into one solution. This all-in-one integration removes the complexity and risks associated with non-integrated solutions and offers easy, complete and reliable data protection for all workloads, applications, and systems across any environment—all at a low and predictable cost.
Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.
Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.